mircea_popescu: danielpbarron anyway, the goal isn't specifically client competition. but it seems to me it's a necessary possibility.
mod6: evenin', gonna step through these logs here.
mod6: Ok well, I'm all caught up here.
a111: Logged on 2018-07-16 15:44 mircea_popescu: thoughts plox! (and i specifically want everyone to say at least an ack, so let's page asciilifeform ave1 ben_vulpes BingoBoingo danielpbarron diana_coman hanbot lobbes mod6 phf spyked trinque )
mod6: From the earlier discussion, I tend to see a lot of points from all sides. And quite an interesting discussion. I've been thinking on it all day.
mod6: I've been trying to see how this doesn't end up with a bunch of finger-pointing once someone's source code is inevitably leaked. (If it can happen, it will happen.)
mod6: When given the prospect of asking someone in L1 to hold long-term, or indefinite secrets as opposed to short-term secrets, it gets much harder to evaluate the trust or risk. One can not predict
mircea_popescu: mod6 we have the only instrument known to man of productive fingerpointing.
mod6: what may happen in the future; trust between two or more people might not be the same as it is today.
mod6: Well, my fear is that: Lord X encypts $src_code, to {a,b,c,d} ; as was said before, it would be impossible to tell if $src_code was leaked by X, or a,b,c or d. (This was stated earlier too).
mircea_popescu: consider the case at hand. i dunno if you've read the proposed protocol etc, but suppose it happens with euclient. so recognized owner creates a new set of binaries (i dunno, moves a class around say) and i use the new hashes for server, and so the leaker gets what exactly ? client for a server that won't talk to it ?
mod6: Another scenario that I was kind of thinking about is where: Lord X encrypts $src_code, drops it into deedbot, and $src_code is encyptped to {a,b,c,d}. Upon a future date, person 'a', is drummed out and neg-rated. Nothing stops person 'a' from still decypting that $src_code with his key, neg-rated or not. This is not wholly differnt than before... just saying that there's no "backsies".
mircea_popescu: this isn't some sort of banana republic, where it's either go president or get shot.
mircea_popescu: not really. there's a mechanism to permit the user to check his client against what it tells the server
mircea_popescu: i dunno, i wouldn't use any online banking thing that didnt'; checksum
mod6: Another thing, I was thinking about was: Perhaps shipping the source to all L1, maybe let people request this themselves.
mod6: I'd like to say, that I don't think that it's an over all /bad/ idea, I'm just not sure if it's a good idea either. I think this might just be a case-by-case basis.
mod6: I would like for TMSR~ to retain it's own code; for many reasons, including preventing other possible fraud and snake-oil salesmen... a variety of things have been written about on the subject in here actually.
mod6: I'm not sure that we have the correct abilities to do such a thing at this time, at least on a policy based level.
mod6: nope, but who knows. maybe someone finds a winner-takes-all-zero-day, to be used at time X.
mod6: and as far as the eulora client, maybe S.MG wants the source to remain closed, this is for them to decide.
mircea_popescu: asciilifeform yes. one guy puts in all the work to make the damned thing, and then some moron "forks" it.
mod6: It seems like a burden to thrust these decisions upon the L1 however, should someone defect and leak the sensitive materials.
mircea_popescu: all that code SHOULD NOT have been shared. not with fucking red hat, not with fucking koch, not with fucking drepper and so on.
mircea_popescu: for the same reason the lusers preferred gcc 5 to gcc 4.
mod6: I see this as even beyond the Eulora scenario, stretching out to any TMSR~ source; I just don't see a good way to solve it right now, other than being selective with who gets rights to see the $src.
mircea_popescu: i'm thinking more in the veins of, "really, you gave monkey ak ?"
mircea_popescu: seems human civilisation managed to mostly keep rifles out of the hands of children, potash out of the mouths of babes and so on.
mircea_popescu: wait for someone to sink in the (not insiginificant) cost of fixing the code, "fork" it, market it, and essentially cash in on the op's work.
mircea_popescu: yes, well, ideally this should be kept at a minimum. both the kloinking and the sharding.
mircea_popescu: and think in terms of confusable ~by whom~. as far as 50% or so of fetlife female moron population is concerned, they have "a master" or whatever in that vein.
mircea_popescu: because they're fucked in the head, and literally can not distinguish anything from anythning else.
mod6: Anyway Gentlemen, I think that currently this comes down to: 1) "How much do I trust the man standing next to me?" and 2) What are the consequences should others betray and leak my valuable assets?
mircea_popescu: asciilifeform ok, but you recall ye olde discussions re governance etc ?
a111: Logged on 2018-07-16 17:43 diana_coman: there's the golden goose too! and for that matter there was that "pay the oracle to give you answers" event for all the good it did
mircea_popescu: asciilifeform not at all. people should be able to play a fucking game without necessarily understanding how the actual code works.
mircea_popescu: that's the whole fucking point. not just of writing games, but of storytelling altogether, as a whole discipline reaching all the way to the core of substance. people's enjoyment of reading say
http://btcbase.org/log/2018-07-16#1835256 might be ~enhanced~ by a secure mastery of the writer's craft
☝︎ mircea_popescu: however, at the most basic level, literature must remain enjoyable for the barely literate.
mod6: it does work this way ^, must have key registered with the server to even log in.
Mocky: my understanding is minigame wants there to be 3rd party clients, but would want access to the src and be assured binary matches src. but if src fully available then good client gets forked so what incentive to write client?
mircea_popescu: asciilifeform note i'm not forbidding anyone from ~publishing~ their client.
lobbes: imo, the bar to actually 'playing eulora' is above that of monkey anyway (at least -right now- unless someone figures out the 'monetize the fetlife girls angle for eulora)
mircea_popescu: asciilifeform this is deeply not so. attempts to make people pay insane amounts always failed, and this has no relation to software whatsoever.
mircea_popescu: people will gladly pay reasonable sums for anything whatsoever.
lobbes: I could see someone creating a 'ecu casino' for the 'masses' indeed
mircea_popescu: it is however not the customer's problem that the fair price point for borland whatever is 0.0006 except borland can';t chage that because must be 9.95 or else visa monopoly throws a fit.
☟︎ mircea_popescu: notice that ~even today~ there's solid market in "music cds". if you want i can photograph the people outside trying to sell their shiny "extrenos"
mircea_popescu: but at a buck a shot. not at 20 bux a shitty "album" cd.
mircea_popescu: lobbes consider the obvious example -- people will pay (but ~a few ecu~ sorta thing) to merely ~use~ an auction bot. they could just do that by fucking hand, what's to keep them.
mod6: What if, you gave out the S.MG binary client, and along with it, an example client. Void of code that you would consider "trade secrets". This way people can use the example to get their own off the ground with the most minimal information required to do so?
mod6: Or am I being retarded here?
mircea_popescu: well, there's obviously a published server protocol, as well as the old client... these don't constitute ?
mod6: I figured, can't really help it with the old client. Was thinking maybe there is a new one in the works with some stuff that need not be open sores.
Mocky: asciilifeform, i dont' even see it as an issue of paying for software: the paying or not doesn't need to differ from the case where minigame writes the official client
Mocky: this makes sense to me. the only thing i have against it is asciilifeform and mod6 argument about the burden of keeping secrets. while I don't see the proposed method as actually burdensome, i see the argument in the general case
mircea_popescu: i suppose. though honestly, what is it, don't decrypt the deed, it'll sit there.
mircea_popescu: i would expect it is actually a ~gain~ if one discovers he's leaking secrets unwillingly.
Mocky: if in the case of a confirmed leak, pointed questions could be asked even of those who never so much as looked at it. and i'm not saying answering questions is a big burden, but alternately not being suspected in the first place could be considered a benefit
mod6: well, any defendant of such an accusation would have to ask Lordship to /believe/ they didn't do it; not sure how they would ask Lordship to /verify/ they are telling the truth.
Mocky: there's no way toknow, obviously. but if i wrote a client under this l1 confidence model, and it leaked not by me, i would suspect someone in l1... who else?
mircea_popescu: mod6 why would they have to ask anyone anything ? Mocky so you'd suspect. and ?
mircea_popescu: if your lunch were gone from your brown paper bag you wouldn't suspect me, you'd suspect someone who worked there. and ?
mod6: I'm saying in the instance of inquisition. I don't think there is any way to separate a willful liar from someone who lost control of their key.
☟︎ mod6: Identity as such will be condemed, indeed.
Mocky: i don't see it as a problem for the client writer. to the contrary i would expect clients to get regular updates and older versions less useful relatively over time. but maybe asciilifeform doesn't care about eulora at all, why involve when only possible involvement 'suspected of leak'?
mircea_popescu: yeah but i mean... i dunno, sometimes i feel like i'm the only one who was ever 12. so you're at camp, and someone spread toothpaste on the teacher's moustache while he slept. so ?
mircea_popescu: Mocky well in thsi case, because the barrier to entry is a major destroyer of interest. maybe if he can read at cost 0 he reads and if he can read at cost epsilon, he doesn't.
mircea_popescu: people fuck more girls they find in their bed spread eagled than girls they have to say hello to.
mircea_popescu: otherwise, biologically, "never meet again" is the winning strategy.
mircea_popescu: anyway, it's altogether doubtful that this naive model of imperial "progress" ever applied to software. i don't expect lcients to become ever better over time.
Mocky: if shortwave repeater was in l1 confidence and one day i became l1, i wouldn't see having to keep that secret as a burden.
☟︎ Mocky: seems theres a general level of good enough, that's rarely hit first release
mircea_popescu: or i dunno, maybe you're the one guy who thinks need for speed only finally nailed the plot on installment 8.
mircea_popescu: and are already lining up for the 9th version of vin diesel being retarded from profile.
Mocky: if there turns out competition between clients, maybe i want to do something to get more market share
Mocky: or maybe not. i still have software from the 90's that I use on a daily basis, install straight from orig 90's cd
mircea_popescu: and i tend to play games from 20 years ago today still. which...
mod6: have fun, mircea_popescu
mod6: Maybe a "developer license" isn't a bad idea either. Could raise some capital, and constrain the source code to those who promise not to share it and who want/need it.
☟︎ ave1:
http://btcbase.org/log/2018-07-16#1834921, ack. I think it's a brilliant idea. Especially, points (2) and (3) and I'm not worried about the "keeping a secret" parts. First, I've worked for companies with an extensive secret code base (and this code is and has been secret for a long time > 30 years) . Second, all leaked sources are "illegal" anyway (as in this source was not sanctioned, so it's worthless).
☝︎ a111: Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) ; b) releases precompiled binaries for allcomers.
ave1: Third, it is not about who leaked it (I do not care about that much). It's about trust and if L1 does not trust each other, then what?
ave1: I find the 'if it can happen, it will happen' a strange argument. Let's say you let a friend stay in your house while you are away for a couple of months? Yes, he could destroy the house and steal the contents, still this arrangement works and has worked for many friends.
☟︎ ave1: I like it (I thinks it's paramount) that the republic is exclusive and not inclusive . (It then means something if you are included)
ave1: And the whole thing affirms the power/status of the Lords. I.E. when an author goes against a Lords wishes or AWOL it is then in the power of that Lord to contact another author and give him the source etc.
☟︎ spyked:
http://btcbase.org/log/2018-07-16#1834921 <-- I'm sold on the idea i. in particular for eulora, and ii. otherwise for it to be established on a case-by-case basis. for (i), I see nothing wrong with e.g. challenging users to reverse-engineer the client (or maybe I'm just nostalgic about game cracking/trainers).
☝︎☟︎ a111: Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) ; b) releases precompiled binaries for allcomers.
a111: Logged on 2018-07-16 15:44 mircea_popescu: the evident disadvantage is that this only works if we can rely on l1 to keep a secret ; which means things (such as, that it can't be as big, for instance).
a111: Logged on 2018-07-17 02:13 asciilifeform: mircea_popescu: i thought of 1 far-conveyor item where i actually had it in my notes 'to be for l1 encyclical only' -- the shortwave repeater
a111: Logged on 2018-07-16 16:28 asciilifeform: mircea_popescu: releasing binaries does not create this guarantee. even static elf, when put on a box where linus et al (or his successor) see it fit to subtly change the abi, will bomb, and not necessarily immediately. and i'ma still 'be idiot'
spyked: banned, with all that comes from that.
☟︎ a111: Logged on 2018-07-17 03:00 asciilifeform: Mocky: i grasp the argument, but must point out that all attempts to date to cudgel people into paying for software, have ended in tears ( usually for the cudgel-wielder )
a111: Logged on 2016-04-22 01:10 asciilifeform: ida is a particularly interesting case because it is a TOTAL monopoly
a111: Logged on 2015-06-25 03:13 asciilifeform: ilfak guilfanov.
a111: Logged on 2018-07-17 03:47 mod6: Maybe a "developer license" isn't a bad idea either. Could raise some capital, and constrain the source code to those who promise not to share it and who want/need it.
a111: Logged on 2018-07-17 03:24 Mocky: if shortwave repeater was in l1 confidence and one day i became l1, i wouldn't see having to keep that secret as a burden.
a111: Logged on 2018-07-17 03:19 mod6: I'm saying in the instance of inquisition. I don't think there is any way to separate a willful liar from someone who lost control of their key.
a111: Logged on 2018-07-17 09:53 spyked: banned, with all that comes from that.
spyked: aha, question is strictly when (next month, year or decade), not if. and even if abi remains stable, /me expects something along the lines of "linux kernel 6.3 only compiles with gcc >17" around the corner.
ave1: diana_coman, nice write-up!
diana_coman: it's still open to discussion as far as I can see it so any comments are most welcome
diana_coman: asciilifeform, what will that plagiarizing do?
a111: Logged on 2018-07-17 02:36 asciilifeform: monkey had ak for quite a while -- e.g. the openly published fg design; but apparently monkey has atrociously poor aim
diana_coman: asciilifeform, I keep getting the impression that you focus in turn on one or another aspect but not quite on the whole; I'm a bit at a loss to point out exactly where it breaks though
diana_coman: perhaps a more fleshed out exercise: say there are clients A and B that have binaries released and accepted by Eulora's server (as per known hashes) ; sources of those are released to l1
diana_coman: now monkey has access to old client source, sure
diana_coman: it can compile it as much as it wants, server won't answer for one thing
☟︎ a111: Logged on 2018-07-17 02:19 asciilifeform: mircea_popescu: ( admittedly i haven't read the referenced item ) what's to stop client from sending to server the old hashes ?
diana_coman: it can of course dig into binaries and get the hashes from A or B and then pretend their own code IS A or B but ..so what? i.e. author of A or B will get more money, is that bad?
☟︎ diana_coman: what the monkey can do will still help... non-monkey, that's the point
diana_coman: the assumption there is that someone who is able to get the hash out and change it in his own client is intelligent enough to actually earn money off his own work
diana_coman: rather than futzing about for pennies with that
diana_coman: put a different way: they are intelligent enough to have the option of earning money honestly and realise the risks of being dishonest are greater than they are worth
diana_coman: asciilifeform, "in the saeculum" != in tmsr; that's the whole thing
diana_coman: sure, but after they break it, what do they do with it that is a. not useful to tmsr b. downright problematic
diana_coman: I think you take those hashes to be an absolute promise of something; they are not; they are what they are (a mechanism, not an amulet!) and clearly stated; nobody pretends anything
diana_coman: ugh; listen: do you lock your entrance door?
diana_coman: because I seriously doubt that it can't be broken so why do you bother locking it?
diana_coman: you'd probably still bother with an anti-teleport device although that one will also have some way of being broken
BingoBoingo: asciilifeform: One of many possible archive links added
BingoBoingo: asciilifeform: It takes time to put the comatose look alike together
Mocky:
http://btcbase.org/log/2018-07-17#1835572 >> does it change your pov if the hash is no form of protection or implied protection but merely an accounting convenience. like say
http 'referrer' on phuctor page links to pizarro. maybe pizarro uses referrer to track where customer comes from and if came from known ad placement then counts customer for that ad. is referrer string now promisatronic protection since anyone
☝︎ a111: Logged on 2018-07-17 13:41 asciilifeform: diana_coman: the conundrum from my pov is that why to bother with protections if 'so what if they break, not as if it does anything'
Mocky: can 'break' so why bother?
Mocky: asciilifeform, what's being protected?
Mocky: asciilifeform, i get that. I read your 'realistic description' statement to mean referrer string is promisatronic protection, was asking what referrer string is protecting.
Mocky: asciilifeform, assume for the sake of argument diana_coman said 'dun care about make use difficult, let them use whatever works', do you still have objection to that?
Mocky: i've also been on both sides of make / break protections (although break for fun not pay). if hash is used as protection, i see that as valid objection
diana_coman: Mocky's description is correct - it is an accounting mechanism, yes
diana_coman: I didn't even realise there was some way to see it as protection against ...what? code copying or what?
diana_coman: asciilifeform, no, it's not about making use of any client more difficult per se
a111: Logged on 2018-07-17 13:35 diana_coman: it can compile it as much as it wants, server won't answer for one thing
a111: Logged on 2018-07-17 13:36 diana_coman: it can of course dig into binaries and get the hashes from A or B and then pretend their own code IS A or B but ..so what? i.e. author of A or B will get more money, is that bad?
diana_coman: the overall idea is to pay authors of clients based on how much their clients are actually used
☟︎☟︎ diana_coman: the ~only scenario I could come up with re abusing that hash is where author of A that is less successful than known B decides somehow to distribute a doctored version of B that sends the hashes of A - it's already rather insane I'd say
lobbes:
http://btcbase.org/log/2018-07-17#1835608 << this was a key piece I was missing as well. For some reason I thought scheme was 'lock down production of binaries so as to allow authors to work out their own pay-for-client mechanism.' Whole thing makes way more sense to me nao
☝︎☟︎ a111: Logged on 2018-07-17 17:04 diana_coman: the overall idea is to pay authors of clients based on how much their clients are actually used
lobbes: Lulzy "We have tested image transfers using Google's WebP format to try conserve bandwidth as much as possible, but the lack of support in several browsers has given us second thoughts."
☟︎ a111: Logged on 2018-07-17 17:33 asciilifeform: nerated for itself...' etc.
BingoBoingo: And was shocked mostly with the though "it"s can rate?
a111: Logged on 2018-07-17 18:54 lobbes: Lulzy "We have tested image transfers using Google's WebP format to try conserve bandwidth as much as possible, but the lack of support in several browsers has given us second thoughts."
a111: Logged on 2018-07-05 16:40 mircea_popescu: current gear can't deal with pulse piracy
deedbot: mircea_popescu rated lobbes 3 at 2017/02/08 17:11:19 << eulora logs + auction bot, and altogether a very solid lordship candidate.
mircea_popescu: !!rate lobbes 3 his lordship the lord of the auction house
deedbot: mircea_popescu rated spyked 2 at 2017/08/19 17:53:59 << aka Lucian Mogosanu, arm guy and other things. e-known him for years.
mircea_popescu: !!rate spyked 3 his lordship the lord crypto-alchemist
mircea_popescu: ave1 i dunno if you've seen the republican license btw ? not like we give out ~anything~ that's "legally" usable by the pantsuit tards.
a111: Logged on 2018-07-17 04:28 ave1: I find the 'if it can happen, it will happen' a strange argument. Let's say you let a friend stay in your house while you are away for a couple of months? Yes, he could destroy the house and steal the contents, still this arrangement works and has worked for many friends.
mircea_popescu:
http://btcbase.org/log/2018-07-17#1835511 << it's really not at all the intention to prevent smart people from improving on the client. if anyone looks even vaguely like he could reverse engineer his pocket flashlight or anything, i'm quite sure he'd find self in some sort of productive arrangement in short order.
☝︎ a111: Logged on 2018-07-17 09:42 spyked:
http://btcbase.org/log/2018-07-16#1834921 <-- I'm sold on the idea i. in particular for eulora, and ii. otherwise for it to be established on a case-by-case basis. for (i), I see nothing wrong with e.g. challenging users to reverse-engineer the client (or maybe I'm just nostalgic about game cracking/trainers).
mircea_popescu: after all, what the fuck are we even doing here ? not like it has ~yet~ happened someone with head screwed on straight got turned away.
mircea_popescu:
http://btcbase.org/log/2018-07-17#1835516 << you don't take my meaning. the machine doesn't care about your political corectness. it only sees those people involved that are actually people. if your dog shits in my lawn im not gonna complain to dog ; and if idiot miscompiles code into a pile of shit, the machine's mute sadness will not be directed at idiot.
☝︎ a111: Logged on 2018-07-17 09:53 spyked:
http://btcbase.org/log/2018-07-16#1835039 <-- this imho doesn't make asciilifeform an idiot, it makes user responsible for whatever setup he runs the binary on. the same guarantee would be given for hypothetical linux kernel with changed abi as for mswindows kernel. as much as the word of heathens are not to be trusted, heathen did promise e.g.
https://archive.is/KD183#selection-248.64-248.65 . so imho misbehaving kernel will just be
mircea_popescu: because this is what subhumanity is all about : "anonimity", right, the incapacity to mean anything to anyone.